
Enhancing the Security and Efficiency of 3-D Secure

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4176)

Abstract

Security is a major concern for all involved in e-commerce, particularly in the case of online transactions using debit/credit cards. Following the failure of Secure Electronic Transaction (SET), 3-D Secure is an emerging industry standard for online transaction security. Although 3-D Secure is a well-designed protocol, it is still prone to some security problems and uses an excessive number of messages, which could reduce the speed of a transaction. This paper uses a new cryptographic technique based on password-only authentication and key exchange to present a new vision for 3-D Secure. The new vision addresses the security problems and reduces the number of messages for 3-D Secure. Moreover, the new vision can be developed to match SSL/TLS in its simplicity while at the same time abolishing SSL/TLS security glitches. This simplicity and security are the necessary factors for an online transaction protocol to become the future standard.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Assora, M., Shirvani, A. (2006). Enhancing the Security and Efficiency of 3-D Secure. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_35

  • DOI: https://doi.org/10.1007/11836810_35

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38341-3

  • Online ISBN: 978-3-540-38343-7

  • eBook Packages: Computer Science, Computer Science (R0)
